chore: release v0.7.0 — changelog, version bump, and integration fixes

[theonlyhennygod]

Summary

• Base branch: master
• Problem: Version 0.6.x accumulated 140+ features, 200+ fixes, and a full workspace refactoring across 73 contributors — none released under a stable tag yet. Additionally, Hugging Face and LM Studio integrations were marked ComingSoon despite being fully implemented, and Docker web UI required manual pairing code entry.
• Why it matters: Users and downstream packaging (Docker, Homebrew, AUR, Scoop, crates.io) need a tagged 0.7.0 release. Contributors deserve attribution for their work across the 0.6.x series.
• What changed:
  1. Bump version from 0.6.9 to 0.7.0 across workspace (Cargo.toml, Cargo.lock, Tauri config, marketplace templates, workflows)
  2. Add comprehensive CHANGELOG.md covering the entire 0.6.x series with all 73 contributors attributed
  3. Mark Hugging Face and LM Studio integrations as Available (fix: use providers.fallback not default_provider)
  4. Auto-fill pairing code in Docker web UI environments
  5. Fix pre-release validation CI to use correct secrets (RELEASE_TOKEN, WEBSITE_REPO_PAT)
• What did not change: No runtime logic changes beyond the targeted fixes. README badge updates deferred to the version-sync workflow on merge.

Label Snapshot (required)

• Risk label: risk: low
• Size label: size: M
• Scope labels: ci, docs, dependencies, integration
• Module labels: provider: huggingface, provider: lmstudio

Change Metadata

• Change type: chore (release preparation with targeted fixes)
• Primary scope: multi

Linked Issue

• Closes: N/A
• Related: fix(web): auto-fill pairing code in Docker environments #5568 (Docker pairing code auto-fill)
• Supersedes: chore: bump version to 0.7.0 with comprehensive changelog #5792

Supersede Attribution (required when Supersedes # is used)

#5792 was opened under the old branch name fix/huggingface-lmstudio-integration-status. This PR carries the same commits on the renamed branch chore/release-0.7.0 with additional CI fixes.

Validation Evidence (required)

# Workspace version bump verified
cargo update --workspace  # ✅ all 14 crates at 0.7.0

# Version sync verified across 38 files
bash scripts/release/bump-version.sh 0.7.0  # ✅

# Compilation fix verified — providers.fallback resolves correctly
cargo check  # ✅

# Markdown lint verified — CHANGELOG.md passes MD022

Security Impact (required)

• New permissions/capabilities? No
• New external network calls? No
• Secrets/tokens handling changed? No (CI workflow updated to reference existing secrets correctly)
• File system access scope changed? No

Privacy and Data Hygiene (required)

• Data-hygiene status: pass
• Redaction/anonymization notes: CHANGELOG attributes contributors by public GitHub display names and handles only.
• Neutral wording confirmation: Confirmed.

Compatibility / Migration

• Backward compatible? Yes — version bump is metadata-only; integration fix corrects existing broken logic.
• Config/env changes? No
• Migration needed? No

i18n Follow-Through (required when docs or user-facing wording changes)

• i18n follow-through triggered? No — README badge updates deferred to version-sync workflow on merge.

Human Verification (required)

• Verified scenarios: Version string consistency across all changed files; CHANGELOG contributor attribution accuracy; providers.fallback field resolves on Config struct; Docker pairing code auto-fill behavior; pre-release validation secrets resolve correctly.
• Edge cases checked: aardvark-sys stays at 0.1.0 (intentionally separate versioning); cargo fmt satisfied on multi-line matches! macro; website access checked with dedicated WEBSITE_REPO_PAT.
• What was not verified: Cross-platform binary builds (depends on CI).

Side Effects / Blast Radius (required)

• Affected subsystems/workflows: Version-sync workflow (fires on merge to sync README badges), beta release pipeline, marketplace templates, pre-release validation workflow.
• Potential unintended effects: None — version bump is metadata; integration fix corrects field reference; CI fix aligns secret names.
• Guardrails: Beta release runs first before stable tag is pushed.

Agent Collaboration Notes (recommended)

• Agent tools used: Claude Code for changelog generation, contributor extraction from git history, version bump coordination, and CI debugging.
• Workflow summary: Generated CHANGELOG from git log v0.6.0..HEAD, extracted 73 unique contributors, bumped workspace version across 14 crates, diagnosed and fixed compilation error (default_provider → providers.fallback), fixed pre-release CI secret references.
• Verification focus: Version string consistency, CHANGELOG completeness, integration compilation, CI secret resolution.
• Confirmation: Naming and architecture boundaries followed per AGENTS.md and CONTRIBUTING.md.

Risks and Mitigations

• Risk: Pre-release validation workflow changes run from master on PR triggers, so the CI fix only takes full effect after merge.
  • Mitigation: The fix is straightforward (secret name alignment) and was verified by checking the step that previously failed now passes the secrets check.
• Risk: Version bump touches Cargo.lock which could drift if master gets new dependency changes.
  • Mitigation: Branch is rebased on latest master before each push; cargo update --workspace confirms lock file is current.

Rollback Plan (required)

• Fast rollback: git revert <merge-commit> on master.
• Feature flags: N/A — metadata + bugfix changes.
• Observable failure symptoms: CI --locked failures if Cargo.lock stale; release pipeline version mismatch if Cargo.toml doesn't match tag.

Release Plan

Once merged to master:

1. Version-sync workflow fires → updates 31 README badges automatically
2. Beta release fires → v0.7.0-beta.{N} with all targets + Docker beta
3. After CI passes, push tag v0.7.0 to trigger full stable release:
   • Cross-platform binaries (Linux x86/ARM, macOS, Windows, Android)
   • macOS desktop app (.dmg)
   • Docker images → ghcr.io/zeroclaw-labs/zeroclaw:v0.7.0 + :latest
   • crates.io publish
   • Package managers: Homebrew, Scoop, AUR
   • Marketplace: Coolify, Dokploy, EasyPanel
   • Announcements: Twitter + Discord
   • Website redeploy

[JordanTheJet]

Agent triage — skipped, flagged for maintainer review

Comprehension summary

What: Prepares v0.7.0 release. Bumps workspace version 0.6.9 → 0.7.0 across 14 crates + Tauri + marketplace templates, adds a 321-line CHANGELOG.md covering the entire 0.6.x series with 73-contributor attribution, fixes HuggingFace/LM Studio integration status (they were hardcoded ComingSoon despite being implemented — now read providers.fallback), migrates pre-release validation from secrets.PAT → secrets.RELEASE_TOKEN + secrets.WEBSITE_REPO_PAT, and auto-fills the Docker web UI pairing code.

Why: 0.6.x accumulated 140+ features / 200+ fixes with no stable tag since the workspace refactor; downstream packaging (Docker, Homebrew, AUR, Scoop, crates.io) is blocked waiting for 0.7.0.

Blast radius: Release pipeline (beta → stable → marketplace sync → Homebrew/AUR/Scoop/crates.io/Docker/Discord), version-sync workflow (31 README badges), integration status surface in runtime registry, Docker web UI pairing flow.

Why this is being escalated rather than agent-reviewed

Per docs/contributing/reviewer-playbook.md §1.5 and the agent's review protocol, PRs that modify high-risk paths and are NOT primarily docs changes must be routed to a human maintainer. This PR touches:

• .github/workflows/pre-release-validate.yml — changes the secret reference used for downstream-repo write-access checks (PAT → RELEASE_TOKEN) and introduces a second token (WEBSITE_REPO_PAT) for the website repo split. Secret-handling + release-gating = needs a human with access to verify the new secrets are actually provisioned in org settings before this merges. If RELEASE_TOKEN or WEBSITE_REPO_PAT is unset or under-scoped, the Validate Release Readiness job will silently let a bad release tag through.
• .github/workflows/discord-release.yml and .github/workflows/sync-marketplace-templates.yml — doc-string bumps only (v0.6.9 → v0.7.0 in input descriptions). Low concern, but still high-risk path.
• crates/zeroclaw-runtime/src/integrations/registry.rs — behavior change: HF and LM Studio flip from ComingSoon to Active when providers.fallback == \"huggingface\" | \"hf\" | \"lmstudio\" | \"lm-studio\". Small and local, but it is a runtime/* change.

Release PRs also carry category-level risk the agent doesn't clear autonomously: once the v0.7.0 tag lands, binary builds, crates.io publish, Homebrew/AUR/Scoop push, Docker image tagging, and marketplace sync all fire. Rollback after tag push is materially harder than reverting a normal PR.

What the agent did NOT do

• Did not run the local validation battery (cargo fmt / clippy / build / test). CI is green on the PR side (all 21 checks SUCCESS including CI Required Gate and Security Required Gate).
• Did not execute the PR's test-plan-equivalent "Validation Evidence" block.
• Did not assign itself or apply agent-approved.

What the maintainer should verify before merge

1. Secrets provisioned: RELEASE_TOKEN exists in the repo/org with push scope to zeroclaw-labs/dokploy, easypanel, coolify; WEBSITE_REPO_PAT exists with push scope to zeroclaw-labs/zeroclaw-website. The Validate Release Readiness job will fail loudly if either is missing, but worth confirming pre-merge.
2. Superseded PR attribution: PR declares Supersedes #5792. Per docs/contributing/pr-discipline.md, if material commits from chore: bump version to 0.7.0 with comprehensive changelog #5792 were carried over, Co-authored-by trailers should be present. PR body's own note says this branch carries the same commits plus a compilation fix — worth confirming chore: bump version to 0.7.0 with comprehensive changelog #5792's author is credited.
3. CHANGELOG contributor list: 73 contributors attributed by display name/handle. Worth a skim for correctness and for any names that should be redacted per the data-hygiene rules.
4. Release pipeline order: PR body states "Beta release runs first before stable tag is pushed" as a guardrail. Confirm the v0.7.0-beta.N beta path actually fires on merge before anyone pushes the stable v0.7.0 tag.
5. aardvark-sys intentionally stays at 0.1.0 — confirm this is still the desired versioning strategy.

Meta notes

• PR missing size: label (PR body claims size: M) and risk: label (PR body claims risk: low). Auto-labelers applied ci, docs, dependencies only.
• Mergeable state: BLOCKED — expected, since no approving review has been left yet.
• No prior agent comments; this is the first triage pass.

Not applying agent-approved. Flagging for human review. @JordanTheJet

---

🤖 Generated with Claude Code

[singlerider]

Echoing @JordanTheJet's escalation — this one needs human eyes before anything near a tag push.

One additional blocker not yet captured here: the release plan in this PR lists crates.io publish as a pipeline step. That step will hard-fail. All 14 workspace sub-crates are publish = false, so cargo publish on the root fails with no matching package named zeroclaw-api found — documented in detail in #5811.

I've left a changes-requested review on #5812, which is the PR attempting to gate the publish step in CI. The recommendation there is to drop the CI gymnastics and instead set publish = false on the root Cargo.toml — matching what the sub-crates already do and making the block self-documenting at the manifest level rather than buried in workflow YAML. That should be resolved and merged before this release PR lands, otherwise whoever pushes the v0.7.0 tag is going to hit a broken pipeline mid-release.

Jordan's checklist above is the right gate. Holding on approval until #5812 is settled and the secrets are confirmed provisioned.

[WareWolf-MoonWall]

Changelog — v0.6.9 → next

Changes since the v0.6.9 stable release. This release represents the largest
structural overhaul in ZeroClaw's history: the entire codebase has been split into a
proper Cargo workspace of focused crates, a new config schema has shipped with a live
migration path, and a wave of channel, provider, and security improvements have landed
on top of that foundation.

---

Highlights

• Workspace split complete — ZeroClaw is now a multi-crate Cargo workspace. The
  monolithic source tree has been decomposed into 12+ focused crates
  (zeroclaw-api, zeroclaw-runtime, zeroclaw-gateway, zeroclaw-channels,
  zeroclaw-tools, zeroclaw-memory, zeroclaw-providers, zeroclaw-infra,
  zeroclaw-config, zeroclaw-tui, zeroclaw-plugins, zeroclaw-hardware).
  The foundation binary now builds at 6.6 MB with --no-default-features.

• Config V2 schema with automatic migration — Provider config has moved to a cleaner
  layout. Running zeroclaw config migrate upgrades your existing config in-place,
  preserving comments. The old props subcommand still works but is now deprecated in
  favour of zeroclaw config.

• OpenRouter streaming — OpenRouterProvider now streams responses token-by-token
  instead of waiting for the full response, matching the experience of native providers.

• Web dashboard decoupled from the binary — The dashboard is now built separately
  and embedded at release time. cargo install and AUR/Homebrew packages include it.
  A new voice mode and plugins page have been added to the dashboard.

• LINE channel — LINE Messaging API is now a supported channel.

• Matrix improvements — Mention-only filtering (the agent only responds when
  mentioned), encrypted media download restored, outbound attachment support added, and
  onboarding wizard preservation.

---

What's New

Architecture & Workspace

• Extracted 12 workspace crates from the monolith, implementing the microkernel RFC
  roadmap (RFC D1–D5). Every subsystem — providers, channels, tools, memory, infra,
  config, gateway, TUI, plugins, hardware — now lives in its own crate with explicit
  dependency boundaries enforced by the compiler.
• Foundation binary (--no-default-features) compiles clean at 6.6 MB.
• agent-runtime feature flag gates the full agent loop; the kernel binary builds
  without it.
• Switched TLS from aws-lc-rs to ring and stripped .eh_frame sections, reducing
  binary size further.
• schemars is now optional behind a schema-export feature flag — no longer a
  mandatory compile dependency.
• 28 per-channel feature flags with forwarding chains so unused channels add zero
  compile time.
• Workspace-wide [workspace.dependencies] and [workspace.package] inheritance
  eliminates version duplication across Cargo.toml files.
• RFC Rev 2 compliance: stability tiers, versioning policy, and release profile are now
  wired into the workspace.

Providers

• OpenRouterProvider now supports streaming (feat(providers): add streaming support to OpenRouterProvider #5717). Responses appear token-by-token
  instead of arriving all at once.
• Fixed: native tool-call messages are now stripped before sending to providers that
  have native_tool_calling = false, preventing provider errors (fix(provider): strip native tool messages for providers with native_tool_calling=false (#5743) #5762).
• Fixed: DeepSeek V3.2 system prompt escaping and token estimation corrected (fix(provider): DeepSeek V3.2 system prompt escaping and token estimation #5454).

Channels

• LINE Messaging API channel added (feat(channel): add LINE Messaging API channel #5642).
• Matrix: mention-only filtering — the agent can be configured to respond only when
  directly mentioned. Encrypted media download restored. Outbound attachment support
  added. Onboarding wizard settings now preserved across restarts (feat(matrix): mention_only filtering, enhanced media handling, onboarding preservation #5166, fix(matrix): restore encrypted media download and add outbound attachment support #5727).
• Sender user ID is now propagated into the channel system prompt, giving the agent
  context about who it is talking to (feat(channel): propagate sender user ID into channel system prompt #5526).
• Email and VoiceCall channels now have an enabled field and are correctly wired into
  the orchestrator (fix(channels): add enabled field and orchestrator wiring for Email and VoiceCall #5659).
• <think> tags are stripped from streaming draft updates before they reach the client
  (fix(channels): strip <think> tags from streaming draft updates #5505).
• Fixed: missing channels in build_channel_by_id caused sessions_send to silently
  fail for some channel types (fix(channel): add missing channels to build_channel_by_id for channel send #5506).
• Telegram and Matrix implementations moved out of the orchestrator into their own
  modules (fix(channels): move Telegram and Matrix implementations out of orchestrator #5639).

Configuration

• Config V2 schema with a new provider layout (providers.models,
  providers.fallback, model_routes, embedding_routes).
• zeroclaw config migrate upgrades a V1 config to V2 in-place, preserving comments
  and formatting.
• zeroclaw config replaces zeroclaw props. The old props subcommand is deprecated
  but still functional.
• Onboarding wizard updated to write V2 provider format directly.
• Fixed: false "Unknown config key" warnings for Option<T> fields and config aliases
  (fix(config): false "Unknown config key" warning for Option fields and aliases #5510).
• Fixed: providers.fallback now emits a warning if it references a key that does not
  exist in providers.models.
• Fixed: temperature validation restored in the providers.models loop.
• Slack config: channel_id deprecated in favour of channel_ids (plural) for V2.
• Nostr, WhatsApp Web, and hardware wizard sections wired into the onboarding flow
  (fix(onboard): wire nostr, whatsapp-web, and hardware wizard sections #5640).

Web Dashboard

• Voice mode added to the dashboard.
• Plugins management page added.
• Dashboard is now decoupled from the main binary — built separately and embedded at
  release time. Included in binary releases, AUR, Homebrew, and cargo install (fix(dist): include web dashboard in binary releases, AUR, and cargo install #5675,
  feat(web): voice mode, plugins page, decouple dashboard from binary #5665).
• Web build logic moved into the gateway crate; no-op recompiles (previously ~1 minute)
  eliminated (#5ec5f2a6).

Agent & Runtime

• CLI channel factory now registered for interactive mode — zeroclaw interactive
  sessions work again after the workspace split (fix(agent): register CLI channel factory for interactive mode #5802).
• Duplicate ToolCall events in turn_streamed deduplicated; clients no longer see the
  same tool call reported twice (fix(agent): deduplicate ToolCall event in turn_streamed #5746).
• Session integrity improvements: streaming refactor and history pruning for long
  conversations (fix(session): session integrity, streaming refactor, history pruning #5167).
• Cron agent jobs no longer trigger auto_save, preventing runaway memory consolidation
  on scheduled tasks (fix(cron): disable auto_save for cron agent jobs to prevent recursive memory bloat #5664).
• Windows: the shell console window is now hidden when running as a background process
  (fix(runtime): hide windows shell console window #5563).

Skills (Claude Code)

• github-issue-triage skill added — automates structured triage of GitHub issues using
  Claude Code (feat(skills): add github-issue-triage Claude Code skill #5780).
• squash-merge skill added — preserves clean commit history when merging upstream
  changes (feat(skills): add squash-merge skill for preserving commit history on upstream merges #5782).

Security

• Dangerous interpreter arguments (e.g. -e, --eval, -c on interpreters) are now
  blocked by the command security policy (fix(security): block dangerous interpreter arguments in command policy #5702).
• Heredocs and safe shell redirects (<<EOF, >, >>) are explicitly allowed (fix(security): allow heredocs and safe redirects in shell commands #5160).

Installation & Distribution

• install.sh rewritten from scratch for the workspace split — correctly handles the
  new crate layout and binary paths (fix(install): rewrite install.sh from scratch for workspace split #5666).
• AUR package migrated from zeroclaw to zeroclawlabs (fix(ci): migrate AUR package to zeroclawlabs #5544).
• Daemon supervisor and onboarding launch checks now include the webhook channel (fix(daemon,onboard): include webhook in supervised and launchable channel checks #5799).

Dependencies & Security Advisories

• rustls-webpki and rumqttc bumped to resolve RUSTSEC-2026-0098 and
  RUSTSEC-2026-0099 (fix(deps): resolve RUSTSEC-2026-0098 and RUSTSEC-2026-0099 — bump rustls-webpki and rumqttc #5786).

---

Bug Fixes (summary)

Area	Fix
Provider	Strip native tool messages for non-native-tool-calling providers
Provider	DeepSeek V3.2 system prompt escaping and token estimation
Agent	CLI channel factory missing in interactive mode
Agent	Duplicate ToolCall events in streaming turns
Matrix	Encrypted media download; outbound attachments
Channels	Missing Arc Provider forwarding methods
Channels	<think> tag leaking into streaming draft updates
Config	False "Unknown config key" warnings on Option fields
Config	Temperature validation missing from providers loop
Config	Fallback key references nonexistent provider — now warns
Session	Integrity, streaming refactor, history pruning
Cron	auto_save causing recursive memory bloat on scheduled jobs
Security	Dangerous interpreter flags not blocked
Install	install.sh broken after workspace split
Runtime	Windows console window visible in background mode
Distribution	Web dashboard missing from AUR and cargo install builds

---

Breaking Changes

Config schema (V1 → V2)

The provider section of config.toml has a new layout. V1 configs are still loaded and
automatically understood, but the recommended path is to run the migration:

zeroclaw config migrate

This rewrites your config to V2 in-place. The old format will continue to work in this
release but will not be supported indefinitely.

zeroclaw props deprecated

Use zeroclaw config instead. The props subcommand still works and will not be
removed in this release, but it will emit a deprecation notice.

Slack channel_id deprecated

Use channel_ids (a list) in the Slack config block. channel_id (singular) still
works but is deprecated in V2.

Workspace crate boundaries

If you have any code that depends directly on internal ZeroClaw crate paths (e.g. for
embedding or testing), the crate structure has changed significantly. Refer to
AGENTS.md for the current crate map and stability tiers. zeroclaw-api is the stable
extension point — all other crates are Beta or Experimental.

---

Contributors

Thank you to everyone who contributed to this release:

• Argenis
• Dan Gilles (Audacity88)
• Matteo Pietro Dazzi
• Nayrosk
• Shane Engelman
• zilch40
• Chris Hengge (WareWolf-MoonWall)

---

Full diff: git log v0.6.9..HEAD --oneline

[WareWolf-MoonWall]

Changelog — v0.6.9 → next

Changes since the v0.6.9 stable release. This release represents the largest
structural overhaul in ZeroClaw's history: the entire codebase has been split into a
proper Cargo workspace of focused crates, a new config schema has shipped with a live
migration path, and a wave of channel, provider, and security improvements have landed
on top of that foundation.

---

Highlights

• Workspace split complete — ZeroClaw is now a multi-crate Cargo workspace. The
  monolithic source tree has been decomposed into 12+ focused crates
  (zeroclaw-api, zeroclaw-runtime, zeroclaw-gateway, zeroclaw-channels,
  zeroclaw-tools, zeroclaw-memory, zeroclaw-providers, zeroclaw-infra,
  zeroclaw-config, zeroclaw-tui, zeroclaw-plugins, zeroclaw-hardware).
  The foundation binary now builds at 6.6 MB with --no-default-features.

• Config V2 schema with automatic migration — Provider config has moved to a cleaner
  layout. Running zeroclaw config migrate upgrades your existing config in-place,
  preserving comments. The old props subcommand still works but is now deprecated in
  favour of zeroclaw config.

• OpenRouter streaming — OpenRouterProvider now streams responses token-by-token
  instead of waiting for the full response, matching the experience of native providers.

• Web dashboard decoupled from the binary — The dashboard is now built separately
  and embedded at release time. cargo install and AUR/Homebrew packages include it.
  A new voice mode and plugins page have been added to the dashboard.

• LINE channel — LINE Messaging API is now a supported channel.

• Matrix improvements — Mention-only filtering (the agent only responds when
  mentioned), encrypted media download restored, outbound attachment support added, and
  onboarding wizard preservation.

---

What's New

Architecture & Workspace

• Extracted 12 workspace crates from the monolith, implementing the microkernel RFC
  roadmap (RFC D1–D5). Every subsystem — providers, channels, tools, memory, infra,
  config, gateway, TUI, plugins, hardware — now lives in its own crate with explicit
  dependency boundaries enforced by the compiler.
• Foundation binary (--no-default-features) compiles clean at 6.6 MB.
• agent-runtime feature flag gates the full agent loop; the kernel binary builds
  without it.
• Switched TLS from aws-lc-rs to ring and stripped .eh_frame sections, reducing
  binary size further.
• schemars is now optional behind a schema-export feature flag — no longer a
  mandatory compile dependency.
• 28 per-channel feature flags with forwarding chains so unused channels add zero
  compile time.
• Workspace-wide [workspace.dependencies] and [workspace.package] inheritance
  eliminates version duplication across Cargo.toml files.
• RFC Rev 2 compliance: stability tiers, versioning policy, and release profile are now
  wired into the workspace.

Providers

• OpenRouterProvider now supports streaming (feat(providers): add streaming support to OpenRouterProvider #5717). Responses appear token-by-token
  instead of arriving all at once.
• Fixed: native tool-call messages are now stripped before sending to providers that
  have native_tool_calling = false, preventing provider errors (fix(provider): strip native tool messages for providers with native_tool_calling=false (#5743) #5762).
• Fixed: DeepSeek V3.2 system prompt escaping and token estimation corrected (fix(provider): DeepSeek V3.2 system prompt escaping and token estimation #5454).

Channels

• LINE Messaging API channel added (feat(channel): add LINE Messaging API channel #5642).
• Matrix: mention-only filtering — the agent can be configured to respond only when
  directly mentioned. Encrypted media download restored. Outbound attachment support
  added. Onboarding wizard settings now preserved across restarts (feat(matrix): mention_only filtering, enhanced media handling, onboarding preservation #5166, fix(matrix): restore encrypted media download and add outbound attachment support #5727).
• Sender user ID is now propagated into the channel system prompt, giving the agent
  context about who it is talking to (feat(channel): propagate sender user ID into channel system prompt #5526).
• Email and VoiceCall channels now have an enabled field and are correctly wired into
  the orchestrator (fix(channels): add enabled field and orchestrator wiring for Email and VoiceCall #5659).
• <think> tags are stripped from streaming draft updates before they reach the client
  (fix(channels): strip <think> tags from streaming draft updates #5505).
• Fixed: missing channels in build_channel_by_id caused sessions_send to silently
  fail for some channel types (fix(channel): add missing channels to build_channel_by_id for channel send #5506).
• Telegram and Matrix implementations moved out of the orchestrator into their own
  modules (fix(channels): move Telegram and Matrix implementations out of orchestrator #5639).

Configuration

• Config V2 schema with a new provider layout (providers.models,
  providers.fallback, model_routes, embedding_routes).
• zeroclaw config migrate upgrades a V1 config to V2 in-place, preserving comments
  and formatting.
• zeroclaw config replaces zeroclaw props. The old props subcommand is deprecated
  but still functional.
• Onboarding wizard updated to write V2 provider format directly.
• Fixed: false "Unknown config key" warnings for Option<T> fields and config aliases
  (fix(config): false "Unknown config key" warning for Option fields and aliases #5510).
• Fixed: providers.fallback now emits a warning if it references a key that does not
  exist in providers.models.
• Fixed: temperature validation restored in the providers.models loop.
• Slack config: channel_id deprecated in favour of channel_ids (plural) for V2.
• Nostr, WhatsApp Web, and hardware wizard sections wired into the onboarding flow
  (fix(onboard): wire nostr, whatsapp-web, and hardware wizard sections #5640).

Web Dashboard

• Voice mode added to the dashboard.
• Plugins management page added.
• Dashboard is now decoupled from the main binary — built separately and embedded at
  release time. Included in binary releases, AUR, Homebrew, and cargo install (fix(dist): include web dashboard in binary releases, AUR, and cargo install #5675,
  feat(web): voice mode, plugins page, decouple dashboard from binary #5665).
• Web build logic moved into the gateway crate; no-op recompiles (previously ~1 minute)
  eliminated (#5ec5f2a6).

Agent & Runtime

• CLI channel factory now registered for interactive mode — zeroclaw interactive
  sessions work again after the workspace split (fix(agent): register CLI channel factory for interactive mode #5802).
• Duplicate ToolCall events in turn_streamed deduplicated; clients no longer see the
  same tool call reported twice (fix(agent): deduplicate ToolCall event in turn_streamed #5746).
• Session integrity improvements: streaming refactor and history pruning for long
  conversations (fix(session): session integrity, streaming refactor, history pruning #5167).
• Cron agent jobs no longer trigger auto_save, preventing runaway memory consolidation
  on scheduled tasks (fix(cron): disable auto_save for cron agent jobs to prevent recursive memory bloat #5664).
• Windows: the shell console window is now hidden when running as a background process
  (fix(runtime): hide windows shell console window #5563).

Skills (Claude Code)

• github-issue-triage skill added — automates structured triage of GitHub issues using
  Claude Code (feat(skills): add github-issue-triage Claude Code skill #5780).
• squash-merge skill added — preserves clean commit history when merging upstream
  changes (feat(skills): add squash-merge skill for preserving commit history on upstream merges #5782).

Security

• Dangerous interpreter arguments (e.g. -e, --eval, -c on interpreters) are now
  blocked by the command security policy (fix(security): block dangerous interpreter arguments in command policy #5702).
• Heredocs and safe shell redirects (<<EOF, >, >>) are explicitly allowed (fix(security): allow heredocs and safe redirects in shell commands #5160).

Installation & Distribution

• install.sh rewritten from scratch for the workspace split — correctly handles the
  new crate layout and binary paths (fix(install): rewrite install.sh from scratch for workspace split #5666).
• AUR package migrated from zeroclaw to zeroclawlabs (fix(ci): migrate AUR package to zeroclawlabs #5544).
• Daemon supervisor and onboarding launch checks now include the webhook channel (fix(daemon,onboard): include webhook in supervised and launchable channel checks #5799).

Dependencies & Security Advisories

• rustls-webpki and rumqttc bumped to resolve RUSTSEC-2026-0098 and
  RUSTSEC-2026-0099 (fix(deps): resolve RUSTSEC-2026-0098 and RUSTSEC-2026-0099 — bump rustls-webpki and rumqttc #5786).

---

Bug Fixes (summary)

Area	Fix
Provider	Strip native tool messages for non-native-tool-calling providers
Provider	DeepSeek V3.2 system prompt escaping and token estimation
Agent	CLI channel factory missing in interactive mode
Agent	Duplicate ToolCall events in streaming turns
Matrix	Encrypted media download; outbound attachments
Channels	Missing Arc Provider forwarding methods
Channels	<think> tag leaking into streaming draft updates
Config	False "Unknown config key" warnings on Option fields
Config	Temperature validation missing from providers loop
Config	Fallback key references nonexistent provider — now warns
Session	Integrity, streaming refactor, history pruning
Cron	auto_save causing recursive memory bloat on scheduled jobs
Security	Dangerous interpreter flags not blocked
Install	install.sh broken after workspace split
Runtime	Windows console window visible in background mode
Distribution	Web dashboard missing from AUR and cargo install builds

---

Breaking Changes

Config schema (V1 → V2)

The provider section of config.toml has a new layout. V1 configs are still loaded and
automatically understood, but the recommended path is to run the migration:

zeroclaw config migrate

This rewrites your config to V2 in-place. The old format will continue to work in this
release but will not be supported indefinitely.

zeroclaw props deprecated

Use zeroclaw config instead. The props subcommand still works and will not be
removed in this release, but it will emit a deprecation notice.

Slack channel_id deprecated

Use channel_ids (a list) in the Slack config block. channel_id (singular) still
works but is deprecated in V2.

Workspace crate boundaries

If you have any code that depends directly on internal ZeroClaw crate paths (e.g. for
embedding or testing), the crate structure has changed significantly. Refer to
AGENTS.md for the current crate map and stability tiers. zeroclaw-api is the stable
extension point — all other crates are Beta or Experimental.

---

Contributors

Thank you to everyone who contributed to this release:

• @aliasliao
• @ArgenisDLR
• @Audacity88
• @c98
• @DaBlitzStein
• @freeekanayaka
• @guitaripod
• @ilteoood
• @JordanTheJet
• @kunalk16
• @markuman
• @nayrosk
• @ninenox
• @singlerider
• @theonlyhennygod
• @titulus
• @UtopiaX
• @vernonstinebaker
• @WareWolf-MoonWall
• @wlh320

---

Full diff: git log v0.6.9..HEAD --oneline

[JordanTheJet]

LGTM, change logs maybe not required and might be orphaned but they can be used as release notes and cleaned up